Data controller; has to take all appropriate technical and administrative measures in order to prevent unlawful processing and access of personal data and to ensure the protection of these data.
If the processed personal data is obtained illegally by others, this will be reported by the data controller to the relevant person and the Personal Data Protection Board as soon as possible.
The Board may, if necessary, announce this situation on its website or by any other suitable method.
If the processed personal data is obtained illegally by others, the data controller shall notify the relevant person and the Board of this matter as soon as possible.
It has been decided that the shortest period statement will be interpreted as 72 hours with the decision of the Personal Data Protection Board dated 24.01.2019 and numbered 2019/10. In this context, the data controller will notify the Board without delay and within 72 hours at the latest from the date of learning about this situation.
Following the identification of the persons affected by the data breach in question, the data controller shall notify the relevant persons via appropriate methods within the shortest reasonable time.
"Personal Data Violation Notification Form" on the website of the Personal Data Protection Authority will be used in the notification to be made to the Board.
If the data breach is experienced by the data controller residing abroad, if the consequences of this violation affect the relevant persons residing inTurkey and the relevant persons benefit from the products and services offered in Turkey, the data controller will notify the Board within the framework of the same principles.
If a data breach occurs, a data breach response plan will be prepared by the data controller.
The data breach response plan will be reviewed periodically. The plan will include issues such as to whom to report, notifications to be made within the scope of the Law, the issue of evaluating the possible consequences of data breaches, and determining who is responsible for them.
The Data Breach Notification form should only be completed by the Data Controller.
Applications with Complaint and Notice content will be submitted to the Authority in writing or at https://sikayet.kvkk.gov.tr.